debcrafters-packages team mailing list archive
-
debcrafters-packages team
-
Mailing list archive
-
Message #01944
[Bug 2112062] Re: Sync raptor2 from Debian Unstable for questing
This bug was fixed in the package raptor2 - 2.0.16-6
Sponsored for Simon Poirier (simpoir)
---------------
raptor2 (2.0.16-6) unstable; urgency=medium
* QA upload.
* Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
(Closes: #1067896)
* Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
(Closes: #1067896)
* Tests for Github issue 70
-- Salvatore Bonaccorso <carnil@xxxxxxxxxx> Sat, 29 Mar 2025 15:33:08
+0100
raptor2 (2.0.16-5) unstable; urgency=medium
* QA upload.
* Make OpenSSL the primary curl backend.
* Update Standards-Version to 4.7.1, no changes needed.
* Add upstream signing key and check the signature.
-- Simon Quigley <tsimonq2@xxxxxxxxxx> Sat, 22 Feb 2025 17:04:28 -0600
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to raptor2 in Ubuntu.
https://bugs.launchpad.net/bugs/2112062
Title:
Sync raptor2 from Debian Unstable for questing
Status in raptor2 package in Ubuntu:
Fix Released
Bug description:
Scheduled-For: ubuntu-25.06
Ubuntu: 2.0.16-4ubuntu2
Debian Unstable: 2.0.16-6
A new release of raptor2 is available for sync from Debian Unstable.
All current ubuntu patches have been adopted by debian with different
patch names and headers:
* rename debian/patches/{CVE-2024-57823.patch => Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch}
* rename debian/patches/{CVE-2024-57822.patch => Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch}
* rename debian/patches/{CVE-2024-5782x-tests.patch => Tests-for-Github-issue-70.patch}
### New Debian Changes ###
raptor2 (2.0.16-6) unstable; urgency=medium
* QA upload.
* Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
(Closes: #1067896)
* Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
(Closes: #1067896)
* Tests for Github issue 70
-- Salvatore Bonaccorso <carnil@xxxxxxxxxx> Sat, 29 Mar 2025
15:33:08 +0100
raptor2 (2.0.16-5) unstable; urgency=medium
* QA upload.
* Make OpenSSL the primary curl backend.
* Update Standards-Version to 4.7.1, no changes needed.
* Add upstream signing key and check the signature.
-- Simon Quigley <tsimonq2@xxxxxxxxxx> Sat, 22 Feb 2025 17:04:28
-0600
### Old Ubuntu Delta ###
raptor2 (2.0.16-4ubuntu2) questing; urgency=medium
* No-change rebuild for libxml2 soname change.
-- Matthias Klose <doko@xxxxxxxxxx> Wed, 21 May 2025 08:16:01 +0200
raptor2 (2.0.16-4ubuntu1) plucky; urgency=medium
* SECURITY UPDATE: heap overread when parsing triples
- debian/patches/CVE-2024-57822.patch: only allow looking at the last
character of a bnode ID only if bnode length >0 in
src/raptor_ntriples.c.
- debian/patches/CVE-2024-5782x-tests.patch: added test in
configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
tests/bugs/issue70b.c.
- CVE-2024-57822
* SECURITY UPDATE: integer overflow when normalizing a URI
- debian/patches/CVE-2024-57823.patch: return empty buffer if path gets
to 0 length in src/raptor_rfc2396.c.
- debian/patches/CVE-2024-5782x-tests.patch: added test in
configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
tests/bugs/issue70a.c.
- CVE-2024-57823
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Tue, 25 Feb 2025
07:53:56 -0500
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/raptor2/+bug/2112062/+subscriptions
References
